
- Morphisec researchers spotted Matanbuchus 3.0 in the wild
- The malware serves as a loader for Cobalt Strike or ransomware
- Victims are contacted through Microsoft Teams and asked to grant remote access
Security researchers are warning about an ongoing campaign that abuses Microsoft Teams calls to deploy a piece of malware called Matanbuchus 3.0.
According to cybersecurity outfit Morphisec, an unknown hacking group first selects its victims carefully, then reaches out through Microsoft Teams, posing as an external IT team.
They try to convince the victim that there is a problem with their device and that they need to grant remote access so it can be fixed. Since the victims are cherry-picked, the attempts are more likely to succeed.
Expensive malware-as-a-service
Once access is granted, usually through Quick Assist, the attackers execute a PowerShell script that deploys Matanbuchus 3.0, a malware loader that can in turn drop a Cobalt Strike beacon or even ransomware.
Morphisec CTO Michael Gorelik said: “The victims are carefully targeted and persuaded to execute a script that triggers the download of an archive. This archive contains a renamed Notepad++ updater (GUP), a slightly modified configuration XML file, and a malicious side-loaded DLL that represents the Matanbuchus loader.”
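A detection check matching the chain described above (an added example, not Morphisec's or The Hacker News' code): it flags a binary whose PE metadata says GUP.exe but which runs from outside the expected Notepad++ updater directory or under another name, and then loads an unsigned DLL from its own directory. The Sysmon-style field names and the expected path `C:\Program Files\Notepad++\updater` are assumptions, and the sample events are constructed.

```python
from pathlib import PureWindowsPath

# Assumption: the stock Notepad++ updater lives in this directory.
EXPECTED_DIR = PureWindowsPath(r"C:\Program Files\Notepad++\updater")


def gup_sideload_alerts(events):
    """Return alerts for a renamed or relocated GUP.exe that side-loads a DLL.

    Expects Sysmon-style events: ID 1 (process create, with Image,
    OriginalFileName, ProcessGuid) and ID 7 (image load, with ImageLoaded,
    Signed, ProcessGuid). Field names are assumptions, not from the article.
    """
    suspects = {}  # ProcessGuid -> image path of a GUP.exe that is off-path or renamed
    for ev in events:
        if ev["EventID"] != 1 or ev.get("OriginalFileName", "").lower() != "gup.exe":
            continue
        image = PureWindowsPath(ev["Image"])
        # PE metadata says GUP.exe, but the file was moved or renamed: worth a closer look.
        if image.parent != EXPECTED_DIR or image.name.lower() != "gup.exe":
            suspects[ev["ProcessGuid"]] = image

    alerts = []
    for ev in events:
        if ev["EventID"] != 7 or ev["ProcessGuid"] not in suspects:
            continue
        loaded = PureWindowsPath(ev["ImageLoaded"])
        image = suspects[ev["ProcessGuid"]]
        # An unsigned DLL loaded from the updater's own directory is the side-load pattern.
        if loaded.parent == image.parent and ev.get("Signed", "false").lower() != "true":
            alerts.append(f"{image} side-loaded unsigned {loaded.name}")
    return alerts


# Constructed sample telemetry (not real indicators): a legitimate updater run
# followed by a renamed copy dropped in a temp folder alongside an unsigned DLL.
LEGIT_DIR = r"C:\Program Files\Notepad++\updater"
DROP_DIR = r"C:\Users\victim\AppData\Local\Temp\update"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "legit", "Image": LEGIT_DIR + r"\GUP.exe", "OriginalFileName": "GUP.exe"},
    {"EventID": 7, "ProcessGuid": "legit", "ImageLoaded": LEGIT_DIR + r"\helper.dll", "Signed": "true"},
    {"EventID": 1, "ProcessGuid": "drop", "Image": DROP_DIR + r"\updater.exe", "OriginalFileName": "GUP.exe"},
    {"EventID": 7, "ProcessGuid": "drop", "ImageLoaded": DROP_DIR + r"\loader.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for line in gup_sideload_alerts(SAMPLE_EVENTS):
        print(line)
```

The legitimate run produces no alert; only the relocated, renamed copy loading an unsigned DLL from its own folder is reported.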
The malware was first spotted in 2021, The Hacker News reports, when the cybercriminals behind it advertised it for $2,500 on Russian-speaking forums. Since then, it has evolved to include new features, improved communications, better stealth, CMD and PowerShell support, and more. It has also become considerably more expensive: the monthly service price is now $10,000 for the HTTPS version and $15,000 for the DNS version.
While the researchers do not identify the attackers, they note that similar social engineering tactics were used by a group called Black Basta to deploy ransomware in the past.
Black Basta was once one of the most dangerous ransomware operations in existence, but has gradually wound down since. Earlier this year, a cybercriminal leaked chat logs that exposed the internal workings of the group.
Via The Hacker News

